Authentication and SSO

Single Sign-On integration

Your team can sign in to Tallyfy with the same company login they already use for everything else. There’s no separate Tallyfy password to remember or reset. It’s free on every paid plan, and most teams finish setup in about 30 minutes. You can even make it the only way people log in, so no one slips in with a personal password.

This is single sign-on, or SSO¹. It works with the big identity providers - Microsoft Entra ID, Google Workspace, Okta, OneLogin, and JumpCloud - plus any provider that supports the SAML² standard.

SSO benefits

Benefit	What it means
Security	Apply your company’s existing security rules and MFA (an extra login check beyond a password) to Tallyfy
One login	Team members use their corporate username and password
Access control	Manage Tallyfy permissions from your identity provider
Auto-provisioning	New users get Tallyfy accounts on first SSO login
Consistent policies	Same password complexity and session rules across all systems
Less IT overhead	No more Tallyfy-specific password resets

SSO as replacement for e-signatures

SSO authentication creates audit trails that can replace e-signature tools for internal approvals.

Why skip traditional e-signatures for internal use?

Extra cost per signature/user
Separate system to manage
Workflow interruption - users leave Tallyfy, sign elsewhere, then return

SSO-based approvals give you:

No extra cost - included with paid Tallyfy plans
Identity verification - corporate SSO confirms the approver’s identity
Audit trail - every approval logged with timestamp and user identity
No context switching - approvers complete tasks without leaving Tallyfy
Legal compliance - meets requirements for internal corporate approvals in most jurisdictions

Common use cases: purchase orders, policy acknowledgments, budget authorizations, project sign-offs, compliance confirmations, HR approvals.

Enforcing SSO-only access

Tallyfy can lock down your org so SSO is the only login method. When sso_auth_only is enabled:

Email and password logins are disabled org-wide
Manual member invites are blocked - all users must come through your identity provider
Non-SSO login attempts redirect to your SAML login page

For security details, see Compliance documentation on Mandatory Single Sign-On.

To enable SSO-only mode, contact Tallyfy support.

SSO authentication flow

Here’s what happens when someone logs in via SSO:

User visits your org’s Tallyfy login link
Tallyfy redirects to your identity provider (Entra ID, Google, etc.)
User authenticates with corporate credentials and MFA
Identity provider sends a SAML assertion back to Tallyfy
First-time users get accounts created automatically from identity provider data (email, first name, last name)

Supported identity providers

Microsoft Entra ID (formerly Azure Active Directory)

Cloud identity and access management with conditional access and MFA.

Azure AD Setup Guide →

Google Workspace (formerly G Suite)

Identity platform for businesses using Gmail, Drive, and other Google tools.

Google Workspace Setup Guide →

Okta

Cloud-based identity service for enterprise SSO.

Okta Setup Guide →

OneLogin

Identity and access management with SSO capabilities.

OneLogin Setup Guide →

JumpCloud

Cloud directory platform with SAML-based SSO.

JumpCloud Setup Guide →

Other SAML 2.0 providers

Any SAML 2.0-compatible identity provider works. Contact support to verify compatibility.

Requirements for SSO setup

Admin access in both Tallyfy and your identity provider
Metadata exchange - URLs, certificates, and entity IDs between systems
Attribute mapping - email, first name, and last name fields from your identity provider to Tallyfy
Testing - verify with different user types before rolling out org-wide

Getting started

Pick the setup guide for your identity provider above
Contact Tallyfy support or your account manager
Your IT team configures the identity provider side
Test with users from different departments and roles
Tell your team about the new login process

Troubleshooting authentication issues

Authentication loops

If you’re stuck in a login loop or can’t get past the login screen, visit https://account.tallyfy.com/logout ↗ to clear all sessions. Then clear your browser cookies for tallyfy.com, wait 10-15 seconds, and log in again.

For more details, see the authentication loop resolution guide.

Common SSO issues

Issue	Solution
Login loops with SSO	Visit https://account.tallyfy.com/logout ↗, then re-authenticate
Can’t switch orgs	Force logout and clear cookies for all tallyfy.com domains
SSO and password login conflict	Clear all sessions via the logout URL before switching methods
”Need admin approval” message	Your IT admin must approve Tallyfy in the identity provider settings

Mcp Server > Using SSO with MCP servers

SSO integration with MCP servers removes repeated authentication across AI tools. Users log in…

Authentication > Integrate Microsoft Entra ID SSO

Tallyfy integrates with Microsoft Entra ID (formerly Azure Active Directory) for SAML-based…

Authentication > Integrate OneLogin SSO

Set up SAML-based Single Sign-On between OneLogin and Tallyfy. Create a custom SAML connector in…

Authentication > Integrate Okta SSO

Tallyfy integrates with Okta through SAML 2.0 SSO. Create an Okta SAML app and exchange…

SSO (single sign-on) lets people sign in to Tallyfy with the company login they already use, so there’s no separate Tallyfy password. ↩
SAML is the common standard that identity providers use to pass a verified login securely between systems. ↩

Was this helpful?

Get in touch

About Tallyfy